Templates for a Best Practices Cybersecurity Assessment

Author: TruMethods

If you have heard about cybersecurity online, in print, or on the news at any point in the last 10 years, ask yourself exactly how safe your customers are. Cybersecurity has become a serious topic for businesses and consumers. Unfortunately, cyber threats are often set aside in favor of other initiatives, and they become a bigger problem in the long run.

Creating an initial and ongoing cybersecurity plan requires effort. Best practices are chosen, an assessment is performed, recommendations and gap analysis determine resolution, a project becomes implemented, rinse, and repeat. It is like a Technology Alignment Manager (TAM) onsite assessment with an emphasis on securing Personal Identifiable Information (PII) from malicious threats.

To maintain the security of a customer—and their customers—there are three areas to understand: Threats, Exploits, and Vulnerabilities.

  • A Threat is a person or thing likely to cause damage or danger intentionally or unintentionally. Understanding who, what, and where threats originate assists in reducing the risk of a breach.
  • An Exploit is a method of circumventing or taking advantage of a bug to cause unintended behavior to occur. These are often discovered and used by threats to gain access to software and systems.
  • A Vulnerability is a bug or defect that creates a weakness in a system and exposes that system to a threat. Vulnerabilities allow unauthorized actions to execute within a system and give access to confidential information.

The three areas are summed up in a simple sentence: Threats use Exploits to attack Vulnerabilities. Cybersecurity requires detailed attention to all three areas to protect clients. Focusing on one area temporarily relieves risk and is not a permanent solution. Every customer needs a cybersecurity assessment regardless of their industry. Protecting company data is critical and executing the minimum requirements is the least a Technology Success Practice (TSP) can do for its customers.

As of this writing, there are a few templates in our myITprocess software that are available to assist with a company-wide cybersecurity assessment.

  • NIST Cybersecurity Framework (CSF) 1.1
  • NIST 800-171
  • CIS Controls 7.1
  • UK Cyber Essentials

There are many templates available within myITprocess, but this set has particular advantages over others for a general cybersecurity assessment.

  • They are easy to interpret. Many regulations and statutory requirements come directly from the law. It takes a bit of translation to make them understandable for a TAM, vCIO, and the customer.
  • They are industry- and technology-neutral best practices. No specific hardware, software, or service comes recommended by name. This is due to the varying risks different businesses face in their industry.
  • In comparison, they are easy to deploy and maintain. Each of the templates has minimum requirements with maximum effectiveness. Allowing a TAM to maximize their assessment with fewer questions makes a recurring audit workable.

Because these templates are not tied to one industry, they are usable for almost any customer. But do not take that statement too far: industry-specific regulations must follow their own set of rules. For instance, a government contractor must follow NIST 800-171, and performing a CIS Controls 7.1 assessment in its place is not advisable.

There is a lot of flexibility for Technology Service Providers to mix and match questions and categories to fulfill a clear-cut need. Vendor- and technology-neutral guidelines contribute to customized assessments by focusing on risk mitigation and not which brand to use.
